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[57] ABSTRACT 

jC^securTty^pp.ara first device for 

/ preventing unauthorized use of asecond device, ; the security} 
<apparatus T including a first circuit configured to generate an | 
^event-and a second circuit configured to provide an input toj 
the first device in response to each the event, to receivera 
^respojise-ff ona-the first-device : in response to the^ input, a nd 
•to ^assert a signal to disable the second device if theresponse 
^does not correspond to an expected responsef 

22 Claims, 2 Drawing Sheets 
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METHOD AND APPARATUS FOR FIG. 2 illustrates a method of securing a device, such as 

PREVENTING UNAUTHORIZED USAGE OF a computer system. 

A COMPUTER SYSTEM DETAILED DESCRIPTION 

BACKGROUND OF THE INVENTION 5 Tne presen , inve^n^aes a me.hoTd and aWaratus to 

1. Field of the Invention ^prev^nninauthorized.access of a.cx>mputersystem.siichjhat 
The present invention relates to the field of security the method and apparatus is less susceptible to unauthorized 

systems; more particularly, the present invention relates to a access to a password and/or means to defeat a mechanical 

method and apparatus for preventing unauthorized usage of * oc ^ 

a device, such as a computer system. 30 A key device is used to identify an authorized user. The 

2. Description of Related Art k ev device includes logic to process input data and trans- 
A computer system typically includes a mass storage form tbe daU tooulpuidata according to a predeter- 

device, such as a hard disFdriverwhichis often used tojstpre !5"2^ algomhr^A-security^^^ 

t confidentid:informaUo^Th-e^ con- ^ <injpuLdato_toJfie^^ 

fidentiality of thelnfomiation often far exceeds the value of rcce^the.ou^j^ 

the computer system itself. Uaat- the, output data matches the expected jesuluof-the^ 

„ . t ... * • . aljgorithnuapplied to thatinput data—The al&orithm is suf-^ 

Some computer systems utilize password protection to * . — 4 * -*-a-r~"~ ■ *• c . L 

,i • j 4 «j .■ i • r ficiently^complex-so-asztccprevent determination of the 

prevent unauthorized access to confidential information. .-^ * , r , . _ — ■.<_— r~r — • ? 

V, c . .i_ • r . j u .u _ « algontnm-by-unauthonzed users. The methods of selecting / 

Before access to the information is granted by the computer 20 ^ vr~i — -Ar- ^ — -iiV-^"^ —— 

, . j i , r ui ^ such algonthms are well-known., , 

system, the user is required to enter a password, preferably y ~ — to — _ ? /. 

known only to authorized users. One problem with password If the out P ut datarfiom-the-devioe does not match the 
protection is that many passwords are learned by unautho- expected result of the algorithm, the security apparatus 
rized users by numerous well known methods, such as f onLroLs a cntical component of the secured-device,.sjich-as 
overhearing the password being told to someone, overseeing 25 ^-computer system, to prevent access. For example, a critical 
the password being typed, or determining the password componenrmay-be-the power supply of the computer 
through the use of software tools that make numerous system. The computer system may either disable the power 
guesses until access is granted. Alternatively, password ^PP 1 ^ or cause the computer system to enter a non- 
protection may often be defeated by modifying software, operational low-power mode. Alternatively, the critical corn- 
such as the operating system, or replacing or rewriting the 30 P ° neDl may , be lhe dnve which- may -contain 
bidirectional input/output system (BIOS), for example, to P/bjertcdjaformaUon/ Thus, = for^xajnp^ 
bypass the password request routine. Thus, password pro- systMamjy. disable acrcss to^pon^ 
tection may not provide an adequate level of protection orshufdown-the hard disk. In-yet-another-embodiment-a 
against unauthorized access when considering the potential cnticap 0 mponent;may be a bus with m the computer system 

value of the information stored in the computer system. 35 r s ^ at J he computer^^ 

... u • i i i .u . ^without the use of'that bus77 ^ 

Some computer systems utilize a mechanical lock that J 

acts as a switch to control access to the mass storage device. If the outpufdata from the device ^pesj^c^eexpected 

Before access to the information is granted by the computer r 5 S - U iL°! the al S°" th f m ' the s^nty^pparaius,controIs-the^ 

system, the user is required to use a mechanical key to turn <^cal_compone^ 

the lock to the active position. One problem with a mechani- 40 ^ security device is preferably^implemeji^^ 

cal lock is that such a system may be defeated by stealing or / wa re oth erthan theJ?ro^o^thme^uj^y^ucB that 

duplicating the mechanical key. Alternatively, the mechani- it cannot.be.disabledlbyjhe user through the secured device, 

cal lock may be bypassed through relatively simple Jhe "5^"^' device ^ therefore, dlstinguished:from polling 

mechanical or electrical means, such as picking the lock or f routines that areimple menTe d insoftware that may often^e 

shorting the open circuit of the mechanical lock in the 45 LdefeateB by raodifyin^softwafe, such as the operating^ 

inactive position. Thus, mechanical lock protection may not ^H m ^ or re Pl acin S pr rewriting the bidirectional input/ 

provide an adequate level of protection against unauthorized i output, system (BIOS), for*example. In,addition,_ajsecurity 

access when considering the potential value of the informa- L r q^yice4mplemented Jn^hardware is not vulnerable to sot^] 

tion stored in the computer system. <war e viruse s. -■■ - - 

What is needed is a method and apparatus to prevent 50 In order to provide security against lost, stolen, or coun- 

unauthorized access of a computer system such that the lwfeh_key.devices,.a,password. processor 

method and apparatus is less susceptible to unauthorized /password processor_reo^ests^passworcU^ 

access than a password and/or a mechanical lock. iriterface-uporTan eventrsuch as the r^weru^upof^the; 

secured^ device. If the proper password is^not- provided 

SUMMARY OF THE INVENTION 55 prompjiy^cces^ is deluedrprefer? . 

^A'Security^appJ^ aMy^asjiescrfo^ 

prev'eTiTinjfunauthorized use of a second device7the security* ^ably-implementcdln hardware other tbanUheXPUjsuch that 

"Capparajus includihg^firsrcircuit configured to generate an it-caonolbe disabled by the;user throughthejsecured device. 

<xvent and a secoj^ir^tjcpnfigured,- toiprovide an input to ; Jjhe~ password processwjs^erefqre _ disj[n^ished from 

^th^r^u^victTijj response to the event, to receive a response 60 password routines that are implemented in software Ah arm ay 

^fVom'lhVfi irsf device m" response to the input, and to ksserl ["often be defeated by modifying software, such as the oper/ 

'^rsignal to disablelhe second device if the response does not aling- system, or replacing or rewriting^ the bidirectional 

corSs^Md to.an-expected response: ^ ^input/output system (BIOS), for example. In addjtion, j 

- password processor implemented in hardware is not vulncr- y 

BRIEF DESCRIPTION OF THE DRAWINGS 65 kMcjolpf^ 

FIG. 1 illustrates computer system including a security FIG. 1 illustrates an embodiment of the security apparatus 

apparatus. of the present invention. FIG. 1 also illustrates a computer 
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system 170 comprising the security apparatus 180. A tunc- sufficiently complex so as to prevent determination of the 

tio'nal block 130 of the computer system may include a algorithm by unauthorized users. 

Srrcessor subsystem,.random access memory (RAM), and a lf ^ out , dala from , he deWce ^ not match , he 

mass storage device, such as a hard disk drive or FLASH ^ rcsu „ of , he a , gorithm> a disablc si , ^ 

1^^^^^ rI ^^?- ^ J ^A^ y ,i,' M ^ 5 on lhc «> ntrol bus 125 - If ,he 0Ut P ut da,a from lhe device 

c (EEPROM) t I. wUl be apparent to one stalled m he art tha , f f 

many well-known components of a computer system are not , * . ' 

illustratedliere to avoid obscuring the present invention. sl S nal 15 deasse «ed on thejcpn,trol,bus4-25r 



An event generator 100 is used to generate an event signal emb odime nt, the^Iling device llOjxrils itekey^ 

on an event bus 105. A polling device 110 is coupled to the 10 device_120 th^ugh^the-coinmur^ation channel US^D 
event bus 105, a communication channel 115, and a control (determines securitylevel, , w^hjsjtored^onahe key teyicp 
bus 125. The polling device uses the communication channel ^120f andpjovideslhat ^formation to the-secured deyjce~bn) 
115 to check for the presence of an authentic key device 120 Lr- tne security.leverbusa35? wJuch^is^c^led.toJhe,:polIihg J 
in response to each assertion of the event signal. If a key | de<?Ice M^Part of the information encoded^ntpohe key 
device is not detected or a key device is detected but not 15 device JL20,is the security le^foMhaLpartjculaxkey device^ 
authenticated, a disable signal is asserted on the control bus 1 , 20 - In one embodiment, the poUing^ic£110^:forone^ 
j25, °f a Plurality: of expected output data values (the result of? a 

In one embodiment, the event generator 100 is an periodic ;orrespondingralgoritom 
event generator comprising an oscillator, for example. In L Each expect^utput "data ^assoqMe^ 
another embodiment, the event generator 100 comprises a l^urity Jevel.~If~the^output_data majd^s^one^these 
real-time clock and logic to periodically assert the event expected output data values, ^ access to4he;securpd:devic^is 
signal in response to an output of the real-time clock. In permitted Mjhe-corr^ 
another embodiment, the event generator 100 is configured data^s-^m^ 
to assert the event signal before resuming system activity disable^al:^^ 
after an idle period since there can be no security breaches g^-X^me^^ 

without system activity. At least a portion of the event ca'd~120-may be used Thusrdifferenrusers may be 

generator 100, such as the real-time clock, may be part of an <S*ne£te.^ 

external device, such as a computer system. However, such secured.devics::For„examp security 
a configuration may permit the real-time clock to be disabled ( taej™yie^^ access whereaseacfrsucces-^ 

through software or hardware control, for example. 30 sively-lowersecun^ 

Therefore, the preferred embodiment of the event generator devices and/or mo^e jnmt ed portio nsof the memory. 
100 comprises components that are dedicated to the security {T^~securityjeyel-is-requested-in respp^se^each_asser- 
apparatus 180 such that software or hardware controls jiorTof the event~signaj : ^ternatjyely^he sej^rit y"leveHs^ ^ 
cannot disable the generation of the periodic signal beyond 'requested each time trlrsecurity apparatusrl80:detects:a jnewr ? 
powering down the computer system. In one embodiment, 35 ^key^vice-120cpupjedjo the communications channel-115. 
the period of the event signal is approximately 0.5 seconds. ( 9. tn ? r meth^-of d|^^M^hen:to:poli:the:key^evice 
A smaller period may yield higher security at the expense of 12iFfoWhe:security~l^^ 

system performance and a larger period may yield reduced In one embodiment, the polling device 110 receives 
security with increased system performance. It will be information from the secured device on the information bus 
apparent to one skilled in the art that the event signal may 40— l r 45 and transraits4ha"Linfomiation-ol^the-communications 

have other periods. ^""channel US tolthe key device 120. The key device 120 may 

In one embodiment, the key device 120~is^? Personal store or otherwise process this information. This information 
Computer (PC) card and the communicationschannel 115 is may include an identification of the secured device that was 
a PC bus slot. In another embodiment, the key device 120 being accessed with this particular key device 120 or a 
uses a two-wire protocol such as a System Management Bus 45 description of one or more activities being performed on the 
(SMBus), an Inter-Integrated Circuit I 2 C bus, or a PS/2 secured device, for example. This may provide the user of 
keyboard or mouse interface (a trademark of International the key device 120 a record of his presence and activity on 
Business Machines Corporation). In another embodiment, the secured device. For example, this information may be 
the key device 120 is a parallel port device and the com- recorded to document the time and productivity of a com- 
munications channel 115 is a parallel port. Alternatively, the 50 puter operator or provide proof of a banking related trans- 
key device 120 is a wireless device and the communications action on a computer system or a cash machine. In addition, 
channel 115 is a medium for electromagnetic transmission. the polling device 110 may also receive information from 
A wireless key device 120 may be maintained on an autho- the key device 120 on the communications channel and 
rized user's person such that access to the computer is transmit this information to the secured device on the 
permitted simply when his person is in the transmission 55 information bus 145. For example, this information may 
range of the polling device 110. It will be apparent to one uniquely identify the user such that information regarding 
skilled in the art that any means of communication between the usage and activities performed by this user may be 
two devices may be used as the communication channel 115. recorded by the secured device. 

The key device 120 has logic to process input data and In one configuration, the security apparatus 180 also 

transform it/tcTjompu^^ 60 includes a password processor 150 which initiates a request 

^algorith^The-polling„deyice.llO-provides a random input 7 for a password on the bus 165 in response to an event signal 
data^to-tfie^key-device 120 in response-to an event signal, I on an event bus 155. The bus 165 is coupled to a user- 
recei^^he^^tput^daja^from interface 160, which may include a video display to prompt 

y^r^eXthat:the~output^ataTmatches the expected^resultjof the user and a keyboard for the user to provide the password. 

Qhe algorithm.^The polli ng device 110 comprises logic to 65 However, other prompting devices, such as a speaker for an 
generaHe^al^om-^ audio prompt, and other input devices, such as a microphone 

'expected, output -data oLthe algorithm. The algorithm^is J coupled with speech recognition software, may be used. In 
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one embodiment, the event signal is asserted once the In step 210, a period of time is provided for a second data 

secured device is operational after powering up. However, to be received in response to the receipt of the first data. The 

other events may be used to cause the event signal to be second data corresponds to the output of an algorithm 

asserted. applied to the first data. In one embodiment, the second data 

If the user fails to promptly provide the appropriate 5 corresponds to one of a plurality of expected output data 

password, a disable signal is asserted on the control bus 175. values (the result of a corresponding algorithm applied to the 

If the user promptly provides the appropriate password, a same input data). Each expected output data is associated 

disable signal is deasserted on the control bus 175. The w i t h a different security level. The period of time provided 

control bus 175 and the control bus 125 are coupled to the & a matter Q f engineering choice 

SroiTlSS 83 ^ 10 8CDerale 3 11153516 Signd 00 10 In Step 215 ' iX * determined whelher the a**""* dala 15 

. ' , t , -.0*. . . , received within the period of time provided. If the second 

In one embodiment, the control bus 185 is coupled to a j,,, • , _ . . ■ ... ■ . . . 

. . . , ij4A . ' . f . , , , . data is not received during this period, step 235 is per- 

cntical device 140 within the functional block 130 to disable r „ A , . . - - , , . . , r 

t ... 1 1 * 1* j tormed. It the second data is received dun ng this period, step 

as functional, y when he disable signal » asserted 220 fe formed- ,„ one embodimenl) * he ^ d J a 

Alternat.vely, the cnuca device 140 may be coupled „ mc , udes informalion received from , he k device For 

r d H?^ > M ^H ol ^»^ ^^^^-^ 1 3^ example, this information may uniquely identify the user 

(rcnucal device44^s^^ such ^ dj y the usage and activities 

JL70~cannot fully function when this critical device-140-is. ^ * nm a u *w Z u a a .u j 

Ca- ui a h- n u — — — -n r-ir-j • *i- i- * a. 1 performed by this user may be recorded on the secured 

^disabledjLwill beapparent to one skilled in the art that theA device 

Qegree of non-functionaHty^of Jhe-computer-system 1704n , . . 

nsjsBSeTo the dsa^igSnTa^tteVof-engi?eeTinir 20 ,. ,n Slep ^ at ^st °ne expected result s computed using 

choice^PrefeTahlyT the computer system 170 is-disabled a? he , a PP r °P"f »lgWiUiin(s) app hed to the firs, data. MuJ- 

le'ast to the degree-thafcconfidential informatioTcIn^oTbe Uple f °»«P»t data values (the result of a correspond- 

'accessed. In one embodiment, the mtfcal-devi£--140 com^ mj&ombm apphed to the same mput data) are associated 

- - - , . . . 4 . / with different security levels, 

prises admass storage device in which-accessto. the_massj , J 

[.storage-device is disabled in response to the disable signal In ste P 225 > the data 1S com P ared to each of the at 

^another;emtodimem,4he^^ is^used4o leasl one ex P ected results. 

^determine which portions of the mass storage device may- be In ste P 230 > if tDe second data does not match any one of 

^accessed. Different portions of the mass storage device may tne at least one expected results, step 235 is performed. If the 

fcontakrinformation that is more or less confidential) than second data and one of the at least one expected results 

bmer^p^ons^Jnanother-embodiment; the-critical.devlce match > ste P 240 IS performed. 

140 comjmsesluTinternal system bus in which the internal 1° ste P 235, the disable signal is deasserted. 

system bus is disabled in response to the disable signal. In In step 240, a security level corresponding to the second 

still another embodiment, the critical device 140 is the data is determined. In one embodiment, the security level is 

power supply of the computer system 140 in which the 35 determined by which of the plurality of expected output 

power provided by the power supply is reduced or elimi- values matches the second data. 

nated in response to the disable signal. In yet another In step 245, the disable signal is asserted. In one 

embodiment, the disable signal causes the computer system embodiment, the disable bus is coupled to a critical com- 

to enter a standby mode. ponent of the secured device to disable its functionality 

In yet another embodiment, the security apparatus 180 is 40 when the disable signal is asserted, 

integrated onto other secured devices, such as the mass The invention has been described in conjunction with the 

storage device itself. Although the present invention is preferred embodiment. It is evident that numerous 

discussed in context of a computer system, it will be alternatives, modifications, variations and uses will be 

apparent to one skilled in the art that the present invention apparent to those skilled in the art in light of the foregoing 

may be applied to any device capable of being disabled or 45 description, 

otherwise controlled, such as a cellular phone, automobile, What is claimed is: 

or electronic door locks. 1. A security apparatus interfacing with a first device for 

FIG. 2 illustrates an embodiment of a method for securing preventing unauthorized use of a second device, said secu- 

a device, such as a computer system. rity apparatus comprising: 

In step 200, an event signal is asserted. In one 50 a.firstjcircuit^configured to generat e a firs t eve nt;^_ 

embodiment, the event signal is a periodically asserted \a second circuit configuredlo provide a first mput to said 

signal with a period of approximately 0.5 seconds. However, first device-ih-rcspoh^ to 

it will be apparent to one skilled in the art that the event receive] a response from said first device in responseto 

signal may have other periods. In another embodiment, the said first input, to assert a first signaL to disable said 

signal l is ^synchronously generated before resuming system 55 ^second device if said response does not~cofrespond-to^ 

activity after an idle period since there can be no security an expected response, and to provide a level of security' 

breaches without system activity. corresponding to a value included in the first device; 

In step 205, a first data is provided in response to an and 

assertion of the event signal. In one embodiment the first a third circuit configured to provide a password prompt in 

data includes information provided in response to an asser- 60 response to a second _event,4o~receive _ a secondTnpuH 

tion of the event signal. The key device may store or f^m~a~uW"interfoce .and to assert ^a_second signal to^ 

otherwise process this information. This information may ^isable said'second device if said second input doesjiot 

include an identification of the secured device that was being correspond-to-said-password. — 

accessed with this key device or a description of one or more 2JTie security_apparatus of claim 1 where in said firstV 
activities being performed on the secured device, for 653ircmt.generatesji periodic event.) 

example. This may provide the user of the key device a 3. The security. appanOus^Lelaim 1 wherein said first 
record of his presence and activity on the secured device. {ci^it genera te^_an asynchronous event. 
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/f 4. The security apjpu^nisjof.claim. 1 wherein said first *J a second device configured to be disabled in response to 

deviceJs_a_PCcard# said first signal; and 

5. The security apparatus of claim 1 wherein said first a third circuit configured to provide a password prompt in 
device is a wireless device. response to a second event, to receive a second input 

6. The security apparatus of claim 1 wherein said first 5 from a user interface and to assert a second signal to 
device uses a 2-wire protocol. disable said second device if said second input does not 

7. The security apparatus of claim 1 wherein said first correspond to said password. 

device uses parallel port protocol. 13 ^ security apparatus of claim 12 wherein said first 

8. The security apparatus of claim 1/wherein said.second 1 circuit generates a periodic event. 

event is generated in-resporBTtosiid second device being' 10 . 14 : llie WPMzius of claim 12 wherein said Grst 

powered urrf circuit generates an asynchronous event. 

■^TSele'curity^pparatusof claim 1-wherein said second^ deJfcc^a PC «rf ^ **** ° ^ 

circuit, jurther provides information to said first device in ^Tto comJU system of claim 12 wherein said first 

response.to.each sa.d event. device is a wireless device. 

10. The security ^apparatus of claim 9 whereinjari mjor- is 17 ^ mer tem of claim n wherein said fi[st 
mation comprises an identifier corresponding to said second"; device ^ a 2 . wire protocol 

ideyjce^j ^ ^ c gggm^y a p paratus 0 f claim 12 wherein said first 

11. The security, apparatus of claim-9 wherein sa.d infor-^ dcvicc ^ m o] 

manor, comprises a dcscnpt.pn of an activity being per- 19 ^ , er g of ^ n ^ 

formed jby said.second-dev.ce^ 20 circui , ides infonnation l0 said firet 

12. A computer system mterfacing with a first device for device in ^ , Q £ach ^ even , 
preventing unauthorized use, said computer system com- 2Q ^ mmpa{a systeffl rf ^ u wnereia ^ 

prising . circuit further provides information to said first device in 

a first circuit configured to periodically generate a first response to each said event. 

event; 25 21. The computer system of claim 20 wherein said 

a second circuit configured to provide a first input to said information comprises an identifier corresponding to said 

first device in response to each of said first event, to second device. 

receive a response from said first device in response to 22. The computer system of claim 20 wherein said 

said first input, to assert a first signal if said response information comprises a description of an activity being 

does not correspond to an expected response, and to 30 performed by said second device, 
provide a level of security corresponding to a value 

included in the first device; ***** 
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